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REMARKS 

This Application has been carefully reviewed in light of the Office Action mailed 
April 21, 2005. Claims 1-24 were pending in the Application. In the Office Action, Claims 
1-24 were rejected. In order to expedite prosecution of this Application, Applicants amend 
Claim 10. Thus, Claims 1-24 remain pending in the Application. Applicants respectfully 
request reconsideration and favorable action in this case. 

In the Office Action, the following actions were taken or matters were raised: 

SPFrTFTC ATTON OR.IFCTIONS 

The specification was objected to for informalities. The Examiner suggested that 
Applicants provide the serial numbers of all co-pending applications mentioned on pages 1-2 
and 7 of the disclosure. Applicants have so amended pages 1-2 and 7 of the specification to 
include the serial numbers of the respective noted co-pending applications. Applicants 
respectfully request that the specification objections be withdrawn. 

DOUBT F PATFNTTNC RFTFCTTON 

Claims 1-8, 10-19 and 21-24 were provisionally rejected under the judicially created 
doctrine of obviousness-type double patenting as being unpatentable over claims 1-8, 9-18, 
and 20-23 of co-pending Application No. 10/002,064. In this regard, the Examiner states that 
"[although the conflicting claims are not identical, they are not patentably distinct from each 
Other because the subject matter claimed in the instant application is fnlly disclosed in the 
referenced copending [sic] application" (Office Action, page 2) (emphasis added). 
Applicants respectfully traverse this provisional rejection. 

Applicants respectfully remind the Examiner that for an obviousness-type double 
patenting rejecting, the disclosure of the co-pending application may not he used as prior art 
against the claims of the instant application. See M.P.E.P. § 804(II)(B)(1). Independent 
Claim 1 of the co-pending application, for example, recites "retrieving an web browser-based 
template" and "graphically displaying the correlated decoded data components using the web 
browser-based template." At least the above-referenced limitations of independent Claim 1 
of the co-pending application are not recited by the claims of the instant application. 
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However, the Examiner has not provided any basis or reasoning as to why the Examiner 
considers the claims of the co-pending application an obvious variation of the invention 
defined by a claim of the instant application, which is required to support an obviousness-type 
double patenting rejecting. See M.P.E.P. § 804(II)(B)(l)(a). Nor has the Examiner provided 
any such reasoning for remaining rejected Claims 2-8, 10-19 and 21-24 of the instant 
application. To the contrary, the Examiner appears to reject the claims of the instant 
application based solely on the disclosure of the co-pending application, which is improper. 
Accordingly, for at least this reason, the rejection is improper and should be withdrawn. 

TYR AWINO OR TFrTTONS 

The drawings were objected to as failing to comply with 37 CFR §1.84(p)(4). 
Specifically, the Examiner indicated that reference character "18" was used to designate both 
"storage device or database" in FIGURE 1 and "HTML" in FIGURE 2. Applicants 
respectfully disagree. Applicants' specification, referring to FIGURE 1, recites: "A storage 
device or database (DB) 18 storing a variety of information is accessible by intrusion 
protection system 14" (page 5, lines 18-20, FIGURE 1). In FIGURE 2 of Applicants' 
specification, Applicants respectfully submit that reference numeral 18 is used to generally 
refer to such a database (e.g., by indication with an arrowhead and being offset or not directly 
contacting any element in FIGURE 2) where, in FIGURE 2, such a database 18 comprises 
HTML templates 30. Thus, Applicants respectfully submit that Applicants' use of reference 
numeral 18 in FIGURES 1 and 2 is proper, and request that this drawing objection be 
withdrawn. 

The Examiner also objected to the drawings as failing to comply with 37 CFR 
1.84(p)(5) because the reference character 124 in FIGURE 5 was not mentioned in the 
description. Applicants have amended FIGURE 5 to remove reference numeral 124. A 
replacement sheet of the drawing containing amended FIGURE 5 is attached herewith in 
Appendix A. Applicants respectfully request that this drawing objection be withdrawn. 

CI ATM OR.TFCTTONS 
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components of intrusion signature, data summary, and detailed data)" should be amended to 
remove the parentheses in order for the limitation to be given patentable weight. Applicants 
have so amended Claim 10 such that Claim 10 recites "capturing data related to the intrusion 
event, the data comprising data components of intrusion signature, data summary, and 
detailed data." Applicants submit that the above-referenced amendment to Claim 10 is not 
made based on any cited reference and, therefore, does not narrow or otherwise change the 
scope of Claim 10. Therefore, Applicants respectfully request that this objection be 
withdrawn. 

SECTION 101 REJECTIONS 

Claims 1-9 and 17-24 were rejected under 35 U.S.C. §101 as being directed to non- 
statutory subject matter. Applicants respectfully traverse this rejection. 

In the Office Action, the Examiner appears to assert that because Claims 1 and 17 
recite "decipherable by humans," such claims are directed to non-statutory subject matter 
(Office Action, page 5). Applicants respectfully disagree. Applicants respectfully refer the 
Examiner to M.P.E.P. § 2106(IV)(B)(2)(a) which recites that "[o]ffice personnel must treat 
each claim as a whole" (emphasis added). Further, a claim is limited to a practical 
application, and is therefore statutory, when the method, as claimed, produces a concrete, 
tangible and useful result. M.P.E.P. § 2106(IV)(B)(2)(b)(ii). Applicants respectfully submit 
that independent Claims 1, 9 and 16, when evaluated as a whole ^ produce a concrete, tangible 
and useful result and, therefore, are statutory. For example, independent Claim 1 is directed 
toward a "method of displaying data related to an intrusion event on a computer system" 
comprising "capturing data related to the intrusion event," "decoding the captured data" and 
"correlating data components of the intrusion signature, data summary and detailed data to 
one another." Thus, independent Claim 1 is clearly producing a concrete, tangible and useful 
result and, therefore, is statutory. Independent Claim 17 recites similar limitations that also 
produce a concrete, tangible and useful result. 

Moreover, even when the portion of Claims 1 and 17 referred to by the Examiner are 
viewed in isolation, which Applicants submit is improper, such portion, by itself, produces a 
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concrete, tangible and useful result. For example, Claim 1 recites "decoding [captured data 
related to an intrusion event] from a first predetermined format to a second predetermined 
format decipherable by humans" (e.g., decoding from a machine-readable format to a human- 
readable format). Accordingly, Claims 1 ands 17, and Claims 2-9 and 18-24 that depend 
respectively therefrom, are directed toward patentable subject matter. Therefore, Applicants 
respectfully request that this rejection be withdrawn. 

sfction \m REJECTIONS 

Claims 1, 5-10, 13-17, and 21-24 were rejected under 35 U.S.C. 102(a) as being 
anticipated by U.S. Patent No. 6,269,447 issued to Maloney et al. (hereinafter "Maloney"). 
Applicants respectfully traverse this rejection. 

Of the rejected claims, Claims 1, 10 and 17 are independent. Applicants respectfully 
submit that Maloney does not disclose, teach or suggest the limitations of independent Claims 
1,10 and 17. For example, in the Office Action, the Examiner refers to column 4, lines 34- 
40, of Maloney as disclosing "decoding the captured data from a first predetermined format to 
a second predetermined format decipherable by humans" as recited by independent Claim 1 
(Office Action, pages 5 and 6). Applicants respectfully disagree. Column 4, lines 34-40, of 
Maloney appears to recite that "[d]ata in the knowledge base 16 is made available to a data 
parsing tool 18 that converts the captured network data from the discovery tool 12 to a form 
useable by downstream programs of the system" (emphasis added). Thus, Applicants 
respectfully submit that the portion of Maloney referred to by the Examiner does not appear 
to disclose or even suggest "decoding the captured data [related to an intrusion event] from a 
first predetermined format to a second predetermined format decipherable by humans " as 
recited by independent Claim 1 (emphasis added). Accordingly, for at least this reason, 
independent Claim 1 is patentable over Maloney. 

Additionally, independent Claim 1 recites "decoding the captured data [related to an 
intrusion event] ... the decoded data comprising . . . intrusion signature, data summary, and 
detailed data" and "correlating data components of the intrusion signa t ure, data summary and 
detailed data to one another" (emphasis added). In the Office Action, the Examiner refers to 
column 4, lines 34-40 and 53-60, of Maloney as disclosing the above-referenced limitations 
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of independent Claim 1 (Office Action, page 6). Applicants respectfully disagree. Maloney 
appears to disclose a discovery tool 12 that "collects traffic and usage data" which becomes 
part of the knowledge base 16 of Maloney {Maloney, column 4, lines 23-26) (emphasis 
added). Maloney also appears to disclose that data in the knowledge base 16 of Maloney is 
accessed by a parsing tool 18 and made available to an analytical engine 20 for analyzing the 
data captured by the discovery tool 12 and for developing and comparing network usage 
patterns {Maloney, column 4, lines 34-41). Maloney also recites : 

After collecting and organizing data, the analytical engine 20 
can be used to make associations between a number of different 
data charts to determine correlation and differentiation. 
Relationships between an array of data sources are then 
available to verify hypothesis, to correlate relationships among 
multiple data sets and to identify target data within a large data 
set. Network data needs to be analyzed in order to relate 
knowledge base data to session data, packet data, and alert data. 
These relationships assist in determining who has been talking 
to whom, as well as the content of the traffic for specific 
protocols .... In the process of analyzing network data, a 
determination is made as to what IP and/or MAC addresses are 
common to more than one data set. . . . The average of what BP 
and MAC addresses exist are used to create a link chart 
representing traffic between each address set. 

{Maloney, column 4, lines 54-67, column 5, lines 1-4). Thus, Maloney does not appear to 
disclose or even suggest, in the portion of Maloney referred to by the Examiner or elsewhere 
in Maloney, that the data decoded by the Maloney system includes "data components of [an] 
intrusion signature" as recited by independent Claim 1 (emphasis added). Further, the 
"correlating" function purportedly performed by the Maloney system and referred to by the 
Examiner in the Office Action appears to be directed toward network usage data and patterns, 
in contrast to "correlating data components of the intrusion signature ^ data summary and 
detailed data to one another" as recited by independent Claim 1 (emphasis added). In fact, the 
Examiner does not appear to explicitly identify any disclosure in Maloney regarding decoding 
data related to an intrusion event to obtain "data components of [an] intrusion signature " or 
"correlating [the] data components of the intrusion signature" to other data as recited by 
independent Claim 1 (emphasis added). Accordingly, for at least these reasons also, 
Applicants respectfully submit that independent Claim 1 is patentable over Maloney. 
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Independent Claim 10 recites, at least in part, "capturing data related to the intrusion 
event, the data comprising data components of intrusion signature, data summary, and 
detailed data" and "correlating data components of the intrusion signature, data summary and 
detailed data to one another" (emphasis added), and independent Claim 17 recites, at least in 
part, "a network driver capturing data related to an intrusion event upon detecting a 
predetermined intrusion signature," "a decode engine decoding the captured data from a first 
predetermined format to a second predetermined format decipherable by humans, the decoded 
data comprising data components of intrusion event Hata J data summary, and detailed data" 
and "a user interface correlating data components of the intrusion signature ^ intrusion event 
data, data summary and detailed data to one another" (emphasis added). At least for the 
reasons discussed above in connection with independent Claim 1, Applicants respectfully 
submit that Maloney does not disclose or even suggest each and every limitation of 
independent Claims 10 and 17. 

Claims 5-9, 13-16 and 21-24 that depend respectively from independent Claims 1, 
10 and 17 are also not anticipated by Maloney at least because they incorporate the 
limitations of respective Claims 1,10 and 17 and, also, they add additional elements that 
further distinguish Maloney. Therefore, Applicants respectfully request that the rejection 
of Claims 5-9, 13-16 and 21-24 be withdrawn. 

SFCTTON 101 KF.TFCTTONS 

Claims 2-4, 11-12 and 18-20 were rejected under 35 U.S.C. 103(a) as being 
unpatentable over Maloney as applied to claims 1, 10 and 17 and further in view of U.S. 
Patent No. 6,775,583 issued to Slodowski et al. (hereinafter "Slodowski"). Applicants 
respectfully traverse this rejection. 

Claims 2-4, 11, 12, and 18-20 depend respectively from independent Claims 1, 10 and 
17. At least for the reasons discussed above, independent Claims 1, 10 and 17 are in 
condition for allowance. Therefore, Claims 2-4, 11, 12, and 18-20 that depend respectively 
therefrom are also in condition for allowance. Accordingly, Applicants respectfully request 
that the rejection of Claims 2-4, 11, 12, and 18-20 be withdrawn. 
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CONCTUSTON 



Applicants have made an earnest attempt to place this case in condition for immediate 
allowance. For the foregoing reasons and for other reasons clearly apparent, Applicants 
respectfully request reconsideration and full allowance of all pending claims. 

No fee is believed due with this Response. If, however, Applicants have overlooked 
the need for any fee due with this Response, the Commissioner is hereby authorized to charge 
any fees or credit any overpayment associated with this Response to Deposit Account No. 08- 
2025 of Hewlett-Packard Company. 



Date: Tuly 1Q 2005 

Correspondence to: 

L.Joy Griebenow 

Hewlett-Packard Company 

Intellectual Property Administration 

P. O. Box 272400 

Fort Collins, CO 80527-2400 

Tel. 970-898-3884 



Respectfully submitted, 




Jpmzs L. Baudino 
Reg. No. 43,486 
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